[openssl-users] X25519 - why openssl shows server temp key as 253 bits?
Michael Richardson
mcr at sandelman.ca
Tue Sep 4 16:10:04 UTC 2018
Robert Moskowitz <rgm at htt-consult.com> wrote:
> A curve point needs an x and a y. But do you need the y for the
> computation. Do you only need its sign? I don't know. I am not a
> mathematician.
My understanding is that you need x and y to do the computation.
(And I observe this in code)
However, since x and y have to be on the curve, if you know x, then
that constrained y to be one or two values... so you need to know the *sign*
of y, which is transmitted as a single bit. Then you can calculate y.
The fundamental reason behind this is because sqrt(4) = 2, and sqrt(4) = -2...
Since some bits of the x are required to be 0, it's possible to encode the
sign of Y into the encoded X bit-stream...
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr at sandelman.ca http://www.sandelman.ca/ | ruby on rails [
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180904/ff7a3f51/attachment.sig>
More information about the openssl-users
mailing list